1. Field of the Invention
Aspects of the present invention relate generally to data encryption and decryption techniques, and more particularly to a hardware implemented system and method of encryption key management.
2. Description of Related Art
In many computer systems and network implementations, data security can be a factor that influences both architecture and software design. The motivation (e.g., on the part of users or system administrators) to prevent unauthorized access to confidential, proprietary, or otherwise sensitive data has inspired development of various data encryption techniques and has prompted advances in both hardware and software to implement those techniques.
Most encryption/decryption strategies employ cipher algorithms in conjunction with predetermined variable values (i.e., “keys”) to encrypt data; a unique data string processed by the algorithm initialized with the key should result in a unique encrypted (or “wrapped”) version of that data string. Reversing the process, i.e., applying an inverse algorithm with the same key on the encrypted data, should reproduce the original unique data string. Mere a cipher algorithm is sophisticated enough, and the length of the keys (in terms of bits per key, for instance) employed by the system is sufficiently long, such techniques can practically encrypt vast amounts of data with an extremely high likelihood that the data cannot be unencrypted without prior knowledge of the original encryption key. Conventional methodologies tend to focus on encrypting data, per se, or to restricting access to unencrypted data at the application level. At the hardware level, typical implementations do not integrate encryption/decryption functionality into a device controller such that unauthorized access to data (encrypted or unencrypted) resident on a device connected to the controller may be prevented. Further, conventional encryption techniques, both hardware- and software-based, employ strategies that ultimately render the keys themselves vulnerable to interception or other unauthorized access (e.g., via malicious software or “hacking” efforts).
Therefore, it may be desirable in some instances to provide a system and method that are capable of managing encryption keys in a hardware configuration that prevents unauthorized access to the keys.